Migrate from DotNetZip to `System.IO.Compression`.

Mutagen-Modding / Mutagen

A .NET library for analyzing, creating, and manipulating Bethesda mods

GNU General Public License v3.0

124 stars 32 forks source link

Migrate from DotNetZip to `System.IO.Compression`. #545

Closed focustense closed 3 months ago

focustense commented 3 months ago

DotNetZip is deprecated and its chain of transitive dependencies leads to a version of System.Drawing.Common with a known security vulnerability.

System.IO.Compression has mostly the same APIs except that Read methods are not exact; instead, the newer Stream.ReadExact method needs to be used to guarantee full decompression.

Noggog commented 3 months ago

Looking good! Thanks!